BrakeSec Education Podcast – Details, episodes and analysis

Podcast details

Technical and general information from the podcast's RSS feed.

BrakeSec Education Podcast

Bryan Brake, Amanda Berlin, and Brian Boettcher

News
Technology

Frequency: 1 episode/9 days. Total episodes: 456

Libsyn
A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.

Recent rankings

Latest positions in the Apple Podcasts and Spotify rankings.

Apple Podcasts

    No recent ranking available

Spotify

    No recent ranking available



RSS feed quality and score

Technical evaluation of the quality and structure of the RSS feed.

RSS feed quality
Needs improvement

Overall score: 42%


Publication history

Monthly distribution of episode publications over the years.

Latest published episodes

List of recent episodes, with titles, durations and descriptions.

Jay Beale discusses his K8s class at BlackHat, Kubernetes developments, and mental health

Season 2024

Thursday, July 17, 2025 · Duration 01:48:38

Youtube Video at: https://www.youtube.com/watch?v=yHPvGVfPgjI

 


Jay Beale is a principal security consultant and CEO/CTO for InGuardians. He is the architect of multiple open source projects, including the Peirates attack tool for Kubernetes (in Kali Linux), the Bustakube CTF Kubernetes cluster, and Bastille Linux. Jay created and leads the Kubernetes CTF at DEF CON and previously helped in the Kubernetes project's Security efforts. He's co-written eight books and given many public talks at Black Hat, DEF CON, RSA, CanSecWest, Blue Hat, ToorCon, DerbyCon, WWHF, HushCon and others. He teaches the highly-rated Black Hat class, "Attacking and Protecting Kubernetes, Linux, and Containers." He has served on the review board of the O'Reilly Security Conference, the board of Mitre's CVE-related Open Vulnerability and Assessment Language, and been a member of the HoneyNet project. He's briefed both Congress and the White House. 

Questions and topics: (please feel free to update or make comments for clarifications)
* Kubernetes vs. Docker vs. LXC vs. VMs - why did you settle on K8s?
* What's new with k8s? Version 1.33? Do you always implement the latest version in your CTF, or something that is deliberately vulnerable? (https://www.loft.sh/blog/kubernetes-v-1-33-key-features-updates-and-what-you-need-to-know)
* When you are making a CTF, what's your methodology? Threat model then verify? Code review? Github pull requests?
* Story time; Not the first year you've done this(?), have participants ever surprised you finding something you didn't expect? 
* If I'm running K8s at my workplace, what should be bare minimum k8s security I should implement? Any security controls that I should implement that might cause performance or are 'nice-to-have' but may run counter to how orgs use k8s that I should be concerned about implementing? 

 


Additional information / pertinent Links (Would you like to know more?):
https://kubernetes.io/ 
DEF CON Kubernetes CTF: https://containersecurityctf.com/ 
Black Hat training:  https://www.blackhat.com/us-25/training/schedule/index.html#0-day-unnecessary-attacking-and-protecting-kubernetes-linux-and-containers-45335 
https://www.bustakube.com/ 
https://github.com/inguardians/peirates 
Rory McCune's blog: https://raesene.github.io/ 
https://www.oreilly.com/library/view/production-kubernetes/9781492092292/  - O'Reilly book: Production Kubernetes

 


Show points of Contact:
Amanda Berlin: https://www.linkedin.com/in/amandaberlin/
Brian Boettcher: https://www.linkedin.com/in/bboettcher96/ 
Bryan Brake: https://linkedin.com/in/brakeb 
Brakesec Website: https://www.brakeingsecurity.com
Youtube channel: https://youtube.com/@brakeseced
Twitch Channel: https://twitch.tv/brakesec

Socvel intel threat quiz, Pearson Breached, nintendo bricking stuff, and kevintel.com

Season 2024

Saturday, May 10, 2025 · Duration 01:24:40

socvel.com/quiz if you want to play along!

Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec

join the Discord: https://bit.ly/brakesecDiscord


Music:

Music provided by Chillhop Music: https://chillhop.ffm.to/creatorcred

"Flex" by Jeremy Blake
Courtesy of Youtube media library

AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec

Season 2022

Friday, February 2, 2024 · Duration 29:35

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information, and do not represent views of past, present, or future employers.

 

Recorded: 28 Jan 2024

Youtube VOD: https://youtube.com/live/uX7odQTBkyQ



Questions and topics:

  1. Let's talk about Mindful Business Podcast

    1. What are the topics you cover?

  2. Topic #1: discuss your experiences when you were a new leader.

    1.  What worked? What didn't? What would you have done differently?

    2. Do you emulate your manager's style? What have been your go-to management resources? 

    3. What is a good piece of advice that you've been given or that you impart to others that relates to leadership?

  3. Topic #2: building/operating SaaS products (we can discuss securing them, what functions should be table stakes (data structures, logging, etc.))

  4. Topic #3: What are bare minimums for building 'secure' SaaS products in your particular field? And how do you balance security with a positive user experience (i.e. getting customers to buy into MFA/OAUTH, OTA updates)?

  5. Topic #4: Do many SaaS products get over-integrated? Does the need for integration override best practices in security?

Additional information / pertinent Links (Would you like to know more?):

  1. Twitter/Mastodon:
    https://twitter.com/AccidentalCISO
    https://infosec.exchange/@accidentalciso

  2. The Mindful Business Security Show:
    https://www.mindfulsmbshow.com/
    https://twitter.com/mindfulsmbshow

Show points of Contact:

Amanda Berlin: @infosystir @hackershealth 

Brian Boettcher: @boettcherpwned

Bryan Brake: https://linkedin.com/in/brakeb 

Brakesec Website: https://www.brakeingsecurity.com

Youtube channel: https://youtube.com/@brakeseced

Twitch Channel: https://twitch.tv/brakesec

2021-011- Dr. Catherine J Ullman, the art of communication in an Incident - Part 2

Season 2021 · Episode 11

Sunday, March 21, 2021 · Duration 45:37

In this episode:

knowing your audience - discussing the IR impact
how did this happen? how deep do you want to tailor your potential discussion?
Every level must be asking "what, when, why, how?", not just those in the trenches
does the level of incident mean that communication scales accordingly?

And much more!

 

Dr. Catherine J. Ullman (@investigatorchi)

Incident Response communications

Reminders:
Patreon Jeff T. just became a $2 patron!

Accepted to CircleCityCon on IR communications!

Bsides Rochester Security B-Sides Rochester

 

Spoke at SeaSec meetups:



Qualys Update on Accellion FTA Security Incident | Qualys Security Blog

Security Advisory | SolarWinds

Family Educational Rights and Privacy Act (FERPA)

 

It's important to share necessary information with senior level people and higher ups, but is there a thing as 'oversharing'? 

How do you toe the line between oversharing and nothing at all?

In higher Ed, are you beholden to different disclosure requirements than businesses?

What is Server Side Request Forgery (SSRF)? | Acunetix

13 Beautiful Tools to Create Status Pages for your Business (geekflare.com)

Laying communication groundwork

Status pages (notifying users)

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#AmazonMusic: https://brakesec.com/amazonmusic 

#Spotify: https://brakesec.com/spotifyBDS

#Pandora: https://brakesec.com/pandora

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

2021-010- Dr. Catherine J Ullman, the art of communication in an Incident - Part 1

Season 2021 · Episode 10

Wednesday, March 17, 2021 · Duration 34:07



Dr. Catherine J. Ullman (@investigatorchi)

 

Incident Response communications

 

Reminders:
Patreon Jeff T. just became a $2 patron!

Accepted to CircleCityCon on IR communications!

Bsides Rochester Security B-Sides Rochester

 

Spoke at SeaSec meetups:



Qualys Update on Accellion FTA Security Incident | Qualys Security Blog

 

Security Advisory | SolarWinds

 

Family Educational Rights and Privacy Act (FERPA)




It's important to share necessary information with senior level people and higher ups, but is there a thing as 'oversharing'? 

How do you toe the line between oversharing and nothing at all?

 

In higher Ed, are you beholden to different disclosure requirements than businesses?



What is Server Side Request Forgery (SSRF)? | Acunetix

13 Beautiful Tools to Create Status Pages for your Business (geekflare.com)

Laying communication groundwork

Status pages (notifying users)

2021-009-Jasmine_Jackson-TheFluffy007-analyzing_android_apps-FRida-Part2

Season 2021 · Episode 9

Sunday, March 7, 2021 · Duration 50:01

@thefluffy007

A Bay Area Native (Berkeley)

I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this)

Was a bad student in my ninth grade year - almost kicked out of high school due to cutting. Had a 1.7 GPA. After my summer internship turned it around to a 4.0.

Once I graduated from high school, I knew I wanted to continue on the path of computers. Majored in Computer Science

Graduated with Bachelors and Masters in Computer Science. Graduate Certificate in Information Security and Privacy. Minor in Math.

Interested in security from a Yahoo! Group on Cryptography. Liked how you can turn text into gibberish and back again.

Became interested in penetration testing after moving to Charlotte, and moonlighted as a QA while a full-stack developer.

Co-workers did not want me to test their code because I would always find bugs.

Moved into penetration testing space.

Always had an interest in mobile, but never did mobile development and decided it wasn't for me

Became interested in bug bounties and noticed that mobile payouts were higher.

At this time also completed SANS 575 - Mobile Device Security and Ethical Hacking.
Realized the barrier to entry was VERY (almost non-existent) low in Android as it's open source.

Started to learn/expand mobile hacking on my own time

The threat exposure is VERY high with mobile hacking. As you have a web app component, network component, and phone component. I always reference a slide from Secure Works.

Link to YouTube Channel → thefluffy007 - YouTube

thefluffy007 – A security researchers thoughts on all things security – web, mobile, and cloud

The Mobile App Security Company | NowSecure

owasp-mstg/Crackmes at master · OWASP/owasp-mstg · GitHub

Rana Android Malware (reversinglabs.com)

These 21 Android Apps Contain Malware | PCMag

Android Tamer  -Android Tamer

The Diary of an (Inexperienced) Bug Hunter - Intro to Android Hacking | Bugcrowd

Android Debug Bridge (adb)  |  Android Developers

Goal: discussing best practices and methods to reverse engineer Android applications

Introduction to Java (w3schools.com)

JavaScript Introduction (w3schools.com)

Introduction to Python (w3schools.com)

Frida • A world-class dynamic instrumentation framework | Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX (Frida can be used with JavaScript, and Python, along with other languages)

GitHub - dweinstein/awesome-frida: Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)

Android APK crackme: owasp-mstg/0x05c-Reverse-Engineering-and-Tampering.md at master · OWASP/owasp-mstg · GitHub

Reverse-Engineering - YobiWiki

Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. (ibotpeaches.github.io)

GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

IntroAndroidSecurity download | SourceForge.net ←- link to my virtual machine and Androidx86 emulator

Background:

**consider this a primer for any class you might teach, a teaser, if you will**

 

Why do we want to be able to reverse engineer APKs and IPKs? 

Android APKs (Android Packages) hold the source code to the application. If you can reverse this, you will essentially have the keys to the kingdom. Developers and companies (if they're proprietary) will add obfuscation - a technique to make the code unreadable to thwart reverse engineers from finding out their code.

What are some of the structures and files contained in APKs that are useful for ppl analyzing binaries?

Android applications have to have a MainActivity (written in Java). This activity is the entry point to the application.

Android applications also have an AndroidManifest.xml file which is the skeleton of the application. This describes the main activity, intents, service providers, permissions, and what Android operating system can run the application.

When testing apps for security, how easy is it to emulate security and physical controls if you're not on a handset? 

Pretty easy. You can use an emulator. I must forewarn though - you will need A LOT of memory for it to work effectively.

Are there ever any times you HAVE to use a handset? An app that tests something like Android's Safetynet and won't run without it? Do they ever want perf testing on their apps?

Was thinking about how you check events in logs, battery drain, using apps on older Android/iOS versions? 

When organizations or developers ask you to test an app, is there anything in particular in scope? Out of scope?

How do progressive web apps differ from a more traditional app?

 

Lab setup

IntroToAndroidSecurity VM

Android Emulator

Tools to use

Why use them? (free, full-featured)

Setup and installation

OS-specific tools?

Tools used - Frida, Jadx-GUI (or command line), text editor. All of these items are free.

No setup required if using my virtual machine :-)

These apps are OS specific if you choose Linux or Windows.

Callbacks

Methodology

Decompile the application - can use a tool titled - Apktool (free)

Look "under the hood" of the application - Jadx-GUI (Graphical User Interface) or Jadx-CLI (command line)

Connect your emulator/device using Android Debug Bridge (adb)

Get version of Frida on device

Look online to find correct version of Frida **this is important**

Start to play around with the tool and see if you receive error messages/prompts. Can then go back to code that was reverse engineered and see where it's located.

Best practices

Leave no stones unturned! Meaning you might see something that seems too rudimentary to work - and yet it does.

Cert pinning - 

Typical issues seen

Hard-coded passwords, data that is not being encrypted at rest or in transit.

2021-008-Jasmine jackson - TheFluffy007, Bio and background, Android App analysis - part 1

Season 2021 · Episode 8

Tuesday, March 2, 2021 · Duration 52:33

@thefluffy007

A Bay Area Native (Berkeley)

I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this)

Was a bad student in my ninth grade year - almost kicked out of high school due to cutting. Had a 1.7 GPA. After my summer internship turned it around to a 4.0.

Once I graduated from high school, I knew I wanted to continue on the path of computers. Majored in Computer Science

Graduated with Bachelors and Masters in Computer Science. Graduate Certificate in Information Security and Privacy. Minor in Math.

Interested in security from a Yahoo! Group on Cryptography. Liked how you can turn text into gibberish and back again.

Became interested in penetration testing after moving to Charlotte, and moonlighted as a QA while a full-stack developer.

Co-workers did not want me to test their code because I would always find bugs.

Moved into penetration testing space.

Always had an interest in mobile, but never did mobile development and decided it wasn't for me

Became interested in bug bounties and noticed that mobile payouts were higher.

At this time also completed SANS 575 - Mobile Device Security and Ethical Hacking.
Realized the barrier to entry was VERY (almost non-existent) low in Android as it's open source.

Started to learn/expand mobile hacking on my own time

The threat exposure is VERY high with mobile hacking. As you have a web app component, network component, and phone component. I always reference a slide from Secure Works.

 

Link to YouTube Channel → thefluffy007 - YouTube

 

thefluffy007 – A security researchers thoughts on all things security – web, mobile, and cloud

 

The Mobile App Security Company | NowSecure

 

owasp-mstg/Crackmes at master · OWASP/owasp-mstg · GitHub

 

Rana Android Malware (reversinglabs.com)

 

These 21 Android Apps Contain Malware | PCMag

 

Android Tamer  -Android Tamer

 

The Diary of an (Inexperienced) Bug Hunter - Intro to Android Hacking | Bugcrowd

 

Android Debug Bridge (adb)  |  Android Developers

 

Goal: discussing best practices and methods to reverse engineer Android applications

 

Introduction to Java (w3schools.com)

 

JavaScript Introduction (w3schools.com)

 

Introduction to Python (w3schools.com)

 

Frida • A world-class dynamic instrumentation framework | Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX (Frida can be used with JavaScript, and Python, along with other languages)

 

GitHub - dweinstein/awesome-frida: Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)

 

Android APK crackme: owasp-mstg/0x05c-Reverse-Engineering-and-Tampering.md at master · OWASP/owasp-mstg · GitHub

 

Reverse-Engineering - YobiWiki

 

Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. (ibotpeaches.github.io)

 

GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

 

IntroAndroidSecurity download | SourceForge.net ←- link to my virtual machine and Androidx86 emulator

 

Background:

**consider this a primer for any class you might teach, a teaser, if you will**

 

Why do we want to be able to reverse engineer APKs and IPKs? 

Android APKs (Android Packages) hold the source code to the application. If you can reverse this, you will essentially have the keys to the kingdom. Developers and companies (if they're proprietary) will add obfuscation - a technique to make the code unreadable to thwart reverse engineers from finding out their code.

 

What are some of the structures and files contained in APKs that are useful for ppl analyzing binaries?

Android applications have to have a MainActivity (written in Java). This activity is the entry point to the application.

Android applications also have an AndroidManifest.xml file which is the skeleton of the application. This describes the main activity, intents, service providers, permissions, and what Android operating system can run the application.

 

When testing apps for security, how easy is it to emulate security and physical controls if you're not on a handset? 

Pretty easy. You can use an emulator. I must forewarn though - you will need A LOT of memory for it to work effectively.

 

Are there ever any times you HAVE to use a handset? An app that tests something like Android's Safetynet and won't run without it? Do they ever want perf testing on their apps?

Was thinking about how you check events in logs, battery drain, using apps on older Android/iOS versions? 

 

When organizations or developers ask you to test an app, is there anything in particular in scope? Out of scope?

How do progressive web apps differ from a more traditional app?

 

Lab setup

IntroToAndroidSecurity VM

Android Emulator

 

Tools to use

Why use them? (free, full-featured)

Setup and installation

OS-specific tools?

Tools used - Frida, Jadx-GUI (or command line), text editor. All of these items are free.

No setup required if using my virtual machine :-)

These apps are OS specific if you choose Linux or Windows.

Callbacks



Methodology

Decompile the application - can use a tool titled - Apktool (free)

Look "under the hood" of the application - Jadx-GUI (Graphical User Interface) or Jadx-CLI (command line)

Connect your emulator/device using Android Debug Bridge (adb)

Get version of Frida on device

Look online to find correct version of Frida **this is important**

Start to play around with the tool and see if you receive error messages/prompts. Can then go back to code that was reverse engineered and see where it's located.

 

Best practices

Leave no stones unturned! Meaning you might see something that seems too rudimentary to work - and yet it does.

Cert pinning - 

Typical issues seen

Hard-coded passwords, data that is not being encrypted at rest or in transit.

 

 

2021-007-News-Google asking for OSS to embrace standards, insider threat at Yandex, Vectr Discussion

Season 2021 · Episode 7

Sunday, February 21, 2021 · Duration 57:01

Links to discussed items:

Yandex Employee Caught Selling Access to Users' Email Inboxes (thehackernews.com)

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple | Threatpost

Google pitches security standards for 'critical' open-source projects | SC Media (scmagazine.com)

 

Google's approach to secure software development and supply chain risk management | Google Cloud Blog

https://vectr.io/

https://www.kitploit.com/2021/02/damn-vulnerable-graphql-application.html


https://www.blumira.com/careers/?gh_jid=4000142004 sec evangelist @blumira

2021-006-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh - part2

Season 2021 · Episode 6

Sunday, February 14, 2021 · Duration 39:21

Ronnie Watson (@secopsgeek)

Youtube: watson infosec - YouTube

watsoninfosec (Watsoninfosec) · GitHub

 

Feel free to add anything you like

Wazuh - fork of OSSEC (Migrating from OSSEC · Wazuh · The Open Source Security Platform)

 

GitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Implementing a Network Security Metrics Programs (giac.org)

What to track.

Some suggested metrics to start with: 

  1. Number of Successful Logons – from security audits. 
  2. Number of Unsuccessful Logons – from security audits. 
  3. Number of Virus Infections during a given period. 
  4. Number of incidents reported. 
  5. Number of security policy violations during a given period. 
  6. Number of policy exceptions during a given period. 
  7. Percentage of expired passwords.
  8. Number of guessed passwords – use a password cracker to test passwords. 
  9. Number of incidents. 
  10. Cost of monitoring during a given period – use your time tracking system if you have one.

6 Essential Security Features for Network Monitoring Solutions (solutionsreview.com)

Metrics of Security (nist.gov)

Security metrics are essential to comprehensive network security and CSA management. Without good metrics, analysts cannot answer many security related questions. Some examples of such questions include "Is our network more secure today than it was before?" or "Have the changes of network configurations improved our security posture?"

The ultimate aim of security metrics is to ensure business continuity (or mission success) and minimize business damage by preventing or minimizing the potential impact of cyber incidents. 

 

DNS over HTTPS: DNS over HTTPS - Wikipedia

2021-005-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh

Season 2021 · Episode 5

Tuesday, February 9, 2021 · Duration 35:43

Ronnie Watson (@secopsgeek)

Youtube: watson infosec - YouTube

watsoninfosec (Watsoninfosec) · GitHub

Wazuh - fork of OSSEC (Migrating from OSSEC · Wazuh · The Open Source Security Platform)

 

GitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Implementing a Network Security Metrics Programs (giac.org)

What to track.

Some suggested metrics to start with: 

  1. Number of Successful Logons – from security audits. 
  2. Number of Unsuccessful Logons – from security audits. 
  3. Number of Virus Infections during a given period. 
  4. Number of incidents reported. 
  5. Number of security policy violations during a given period. 
  6. Number of policy exceptions during a given period. 
  7. Percentage of expired passwords.
  8. Number of guessed passwords – use a password cracker to test passwords. 
  9. Number of incidents. 
  10. Cost of monitoring during a given period – use your time tracking system if you have one.

 

6 Essential Security Features for Network Monitoring Solutions (solutionsreview.com)

 

Metrics of Security (nist.gov)

Security metrics are essential to comprehensive network security and CSA management. Without good metrics, analysts cannot answer many security related questions. Some examples of such questions include "Is our network more secure today than it was before?" or "Have the changes of network configurations improved our security posture?"

The ultimate aim of security metrics is to ensure business continuity (or mission success) and minimize business damage by preventing or minimizing the potential impact of cyber incidents. 

 

DNS over HTTPS: DNS over HTTPS - Wikipedia


